Halfway into January, 2015 is starting to emerge as a year policymakers will focus more strongly on cybersecurity in the United States. Today President Obama took a significant step in sending a cybersecurity legislative package to Congress. His proposed legislation covers three topics: 1) enabling cybersecurity information sharing, 2) modernizing law enforcement authorities to combat cybercrime, and 3) national data breach notification requirements.
Being able to protect and defend our networks, and going after bad actors, are key parts of the cybersecurity equation. Thus, it’s appropriate that lawmakers focus on legislation improving cybersecurity threat information sharing in a way that protects privacy and offers adequate legal liability protection for businesses, and on legislation improving the government’s ability to deter, investigate, and prosecute cybercrime. And a properly written national data breach notification standard would go a long way in helping consumers protect themselves following a breach. Despite many people’s best effort—whether the result of cyber intrusions or simple negligence—data breaches can still, and unfortunately will, happen.
It’s worth noting that these efforts build upon a laudable past few years in which both industry and government substantially moved the needle on cybersecurity policies and operational practices. This included the administration’s Executive Order 13686, Improving Cybersecurity in Critical Infrastructure, the development, by all stakeholders, of the Framework for Improving Critical Infrastructure Cybersecurity (Framework), and Congress passing five cybersecurity bills—the first cybersecurity laws since 2002. At the same time, multiple sectors throughout the U.S. economy built on many longstanding cybersecurity efforts with a rapidly growing and impressive set of activities to improve cybersecurity risk management and foster awareness of the Framework.
The President today also announced that the White House will host a Summit on Cybersecurity and Consumer Protection at Stanford University on February 13, aimed at driving public and private sector activities related to the growing threats to consumers and commercial networks. As part of the administration’s efforts, Vice President Joe Biden today also announced $25 million in grants that will be awarded to thirteen Historically Black Colleges and Universities to support cybersecurity education over the next five years. Raising awareness and empowering stakeholders to improve their own cybersecurity, and educating the next generation of cyber professionals, are key pieces to the cybersecurity puzzle.
After years of tech industry efforts, cybersecurity is now viewed as a necessary function in today’s economy. We are proud of all of these activities, but of course more remains to be done. The President’s legislative proposals are a solid starting point for our work. ITI looks forward to reviewing these draft bills and engaging with lawmakers over the coming months. And we look forward to further engaging with the administration to contribute to the ongoing effort to improve cybersecurity.